In recent years, companies have been required to reinforce their internal controls. For example, the Sarbanes-Oxley Act has come into effect as a countermeasure against corporate misconduct.
To reinforce internal control, various methods for improving information security are widely known.
For example, in recording of business procedures using workflow systems, application operations and approval operations occurring in the business can be defined as workflows. Electronic document management systems are proposed in which application documents are sent and approval operations are performed according to the workflows so as to store the business procedures (histories) in the systems.
For example, MFPs (multifunction peripherals) have authentication functions and are capable of preventing unauthorized use of the apparatuses by performing user authentication in use of the apparatuses. In addition, the MFPs define access rights for each person, each post, and each department and permit the persons, posts, and departments identified by the authentication to use the apparatuses only within the range of their rights.
Specifically, the MFPs require users to input authentication information, such as login names, login IDs (identifications), and passwords, in use of the apparatuses and permit the users to use the apparatuses within their rights if the information input by the users matches authentication information that is registered in advance.
However, with such authentication methods in related art, if the authentication information including login names, login IDs, and passwords leaks out to others, the electronic devices are used without restriction to compromise internal control and possibly cause enormous damage.
In order to prevent such compromise and damage, fingerprint authentication having a higher security level may be adopted. However, such authentication systems are expensive. In addition, since different departments require different security levels even in the same company, it is difficult to introduce a uniform authentication system.
Furthermore, since each time the authentication system is changed in the related art it is necessary to modify or update documents describing and disclosing the authentication method, it is troublesome for companies to introduce and for users to perform the modification or update.